CLAIMS



The present listing of claims replaces all the previous versions or listings of the claims: 

1. (Currently Amended) A system for real-time vulnerability assessment of a host/device, said 
system comprising: 

an agent running on the host/device, said agent comprising:

[a first data structure for storing the status of interfaces and ports on the
interfaces of the host/device,]

an executable agent module [coupled to the first data structure] configured to track
the status of interfaces and ports on the interfaces of the host/device and to store
the information[,] as information entries [in said first data structure],

said executable agent module configured to compare the entries to determine a
change in the status of interfaces and/or of ports on the interfaces of the
host/device,

a remote destination server[, said destination server] comprising:

[a second data structure for storing the status of interfaces and the ports on the
interfaces of the host/device,]

an executable server module [coupled to the second data structure] configured to
receive the information entries communicated by the agent executable agent
module [of the agent] on the host/device,

said executable server module configured to store the received information
entries, [as entries in the second data structure] wherein the information entries
indicate the state of each of the ports on each of the active interfaces of the
host/device [as received],

said executable server module configured to compare the received information
entries [in said data structures] to determine the change in the status of interfaces
and ports on the interfaces of the host/device, and

said executable server module configured to run vulnerability assessment tests
on the host/device in the event of a change in the status of interface/ports.

2. (Currently Amended) The system of claim 1, [further comprising:] wherein said [an] executable
server module is configured [coupled to a second data structure] to receive and update the
vulnerability data in a vulnerability database [the destination server used by the server for
vulnerability tests], whenever new vulnerabilities are discovered, and wherein said executable
server module is configured [coupled to the second data structure] to test the host/device for the
new vulnerabilities whenever the vulnerability database is updated with new vulnerabilities, and to
determine the new vulnerabilities.

3. (Currently Amended) A system for real-time vulnerability assessment of a host/device, said
system comprising:

an agent running on the host/device, said agent comprising:

[a first data structure to store the status of interfaces on the host/device and the
ports on the interfaces on the host/device,]

an executable agent module [coupled to the first data structure and operable]
configured to track the status of interfaces and ports on the interfaces of the
host/device to collect and store the information[,] as information entries [in the first
data structure],

said executable agent module [coupled] configured [to the first data structure] to
compare the entries to determine a change in the status of interfaces and/or of
ports on the interfaces of the host/device,

wherein said executable agent module is configured to communicate said
changes to a remotely located destination server on [the] a network, and

a destination server running remotely, said destination server communicably coupled to
the host/device over a network, said destination server comprising:

[a second data structure for storing the status of interfaces/ports on the
host/device,]

an executable server module [coupled to the second data structure] configured to
receive information entries communicated by the executable agent module on
the host/device,

said executable server module [coupled to the second data structure] configured to
store the received information entries, [as entries in the second data structure]
wherein the information entries indicate the state of each of the ports on each of
the active interfaces of the host/device [as received],

said executable server module [coupled to the second data structure] configured
to compare the received information entries to determine any change in the
status of interfaces and ports on the interfaces of the host/device [as reported to
it],

said executable server module [coupled to the second data structure] configured
to process the changes to determine any new interfaces active and/or any newly
opened ports on any of the active interfaces on the host/device on which services
are listening as reported to [it] said destination server,

said executable server module [coupled to the second data structure] configured
to run tests remotely to identify the network services running on the newly
opened ports on the various active interfaces of the host/device,

said executable server module [coupled to the second data structure] configured
to run vulnerability assessment tests on the identified network services on the
newly opened ports of the interfaces and storing the results, and

said executable server module [coupled to the second data structure] configured
to obtain an incremental or an overall vulnerability status report of the host/device
from the results of the current vulnerability tests, and previously stored
vulnerability test results.

4. (Currently Amended) The system of claim 3, [further comprising:] wherein

[an] said executable server module [coupled to the second data structure] is configured to
receive and update the vulnerability database in [the] a vulnerability assessment server
used by the destination server to do vulnerability tests, whenever new vulnerabilities are
discovered publicly or elsewhere, and

[an] wherein said executable server module [coupled to the second data structure] is
configured to test the host/device for the new vulnerabilities whenever the vulnerability
database is updated with new vulnerabilities, and obtain results.

5. (Previously Presented) The system of claims 1 or 4, wherein status of an interface is either 
active or inactive. 

6. (Previously Presented) The system of claims 1 or 4, wherein status of a port is a service 
listening on the port or not. 

7. (Previously Presented) The system of claims 1 or 4, wherein the agent tracks the change in 
status of ports/interface by monitoring in real-time or polling at periodic intervals for the status of 
ports/interfaces and storing the entries at various time intervals. 

8. (Previously Presented) The system of claims 1 or 4, wherein the communication protocol 
between the host/device and the destination server is a standard transport level utility selected 
from sockets or any other standard communication protocol. 

9. (Previously Presented) The system of claims 1 or 4, wherein the server executable module 
compares the entries corresponding two consecutive time intervals. 

10. (Previously Presented) The system of claims 1 or 4, wherein the host/device is selected from 
a switch, a router, a device running a standard real-time operating system, a mobile device or a 
PDA. 

11. (Previously Presented) The system of claims 1 or 4, wherein the host/device is an
enterprise/consumer machine running with Windows, Unix, Linux, VxWorks, Symbian or PalmOS. 

12. (Previously Presented) The system of claims 1 or 4, wherein the changes that are 
communicated to the destination server consisting of the IP address of the interface(s) and the 
port numbers on which listening services have started or stopped on the particular interface(s). 

13. (Previously Presented) The system of claims 1 or 4, wherein the status of the port consists of 
separate statuses for TC and UD protocols. 

14. (Previously Presented) The system of claims 1 or 4, wherein plurality of hosts/devices is 
tracked in conjunction with one or more destination servers handling the host/devices. 

15. (Previously Presented) Logic encoded in a program stored in a computer-readable 
media for real-time vulnerability assessment of a host/device, and operable to perform the 
following steps: 

tracking in real-time the status of interfaces and/or of the ports on a host/device, 
communicating a change in the status of the interfaces and/or the status of ports of the 
host/device to a remotely located destination server on the network, 

tracking in real-time the reported status of ports and interfaces of the host/device by the 
destination server, and 

conducting vulnerability assessment tests on the host/device by the destination server in 
the event of a change in the status of interfaces and/or ports of the host/device. 

16. (Previously Presented) Logic encoded in a program stored in a computer-readable 
media for real-time vulnerability assessment of a host/device, and operable to perform the 
following steps: 

tracking in real-time the status of interfaces and/or ports on a host/device,

communicating the change in the status of the interfaces and/or the status of ports to a
remotely located destination server on the network,

tracking in real-time the reported status of the ports and interfaces of the host/device by the
destination server,

processing the changes by the destination server to determine new active interfaces or
newly opened ports on any of the active interfaces on the host/device on which services are
listening,

running tests to identify remotely the network services running on the newly opened ports
on the various active interfaces of the host/device,

running vulnerability assessment tests on the identified network services on the newly 
opened ports of the interfaces and storing the results, and 

generating an incremental and/or overall vulnerability status report of the host/device from 
the results of the current vulnerability tests, and storing the results classified port and interface 
wise. 

17. (Previously Presented) The logic of claims 15 or 16, wherein the status of an interface is 
either active or inactive. 

18. (Previously Presented) The logic of claims 15 or 16, wherein status of a port is a service 
listening on the port or not. 

19. (Previously Presented) The logic of claims 15 or 16, wherein the status of the port consists of 
separate statuses for TC and UD protocols. 

20. (Previously Presented) The logic of claims 15 or 16, wherein tracking consists of monitoring in 
real-time or polling at periodic intervals for the status of ports/interfaces on the host/device. 

21. (Previously Presented) The logic of claims 15 or 16, wherein the communication protocol 
between the host/device and the destination server is a standard transport level utility selected 
from sockets or any other standard communication protocol. 

22. (Previously Presented) The logic of claims 15 or 16, wherein the host/device is selected from 
a switch, a router, a device running a standard real-time operating system, a mobile device or a 
PDA. 

23. (Previously Presented) The logic of claims 15 or 16, wherein the host/device is an 
enterprise/consumer machine running with Windows, Unix, Linux, VxWorks Symbian or PalmOS. 

24. (Previously Presented) The logic of claims 15 or 16, wherein the changes that are 
communicated to the destination server consisting of the IP address of the interface(s) and the 
port numbers on which listening services have started or stopped on the particular interface(s). 

25. (Previously Presented) The logic of claims 15 or 16, wherein the information that is 
communicated from the host/device to the destination server is the names of the services. 

26. (Previously Presented) The logic of claims 15 or 16, wherein the information that is
communicated from the host/device to the destination server is a message signaling a change in 
the status of interfaces and/or ports on the host/device. 

27. (Previously Presented) The logic of claims 15 or 16, wherein the vulnerability assessment 
server used by the destination server is updated with the new vulnerabilities to test the presence 
of vulnerabilities. 

28. (Previously Presented) The logic of claims 15 or 16, wherein a plurality of hosts/devices are 
tracked in conjunction with plurality of destination servers handling the host/devices. 

29. (Currently amended) A computer-implemented method for real-time vulnerability 
assessment of a host/device, said method comprising: 

tracking in real-time the status of interfaces and ports on the host/device[,];

collecting and storing the status as information entries in a data structure;

comparing the entries to determine any change in the status of interfaces and/or the status
of ports on the interfaces of the host/device[,];

communicating the changes to a remotely located destination server on the network;

storing said changes as entries in a data structure by the destination server wherein the
entries indicate the state of each of the ports on each of the active interfaces of the host/device
as reported[,];

comparing the entries [by] stored at the destination server to determine if there is any
change in the status of interfaces and ports on the interfaces of the host/device as reported to
it[,]; and

running vulnerability assessment tests on the host/device by the destination server and
reporting the results.

30. (Previously Presented) A computer-implemented method for real-time vulnerability
assessment of a host/device, said method comprising:

polling the status of the ports and interfaces on the host/device, periodically at a
pre-configured time interval,

collecting the above information and storing as entries in an agent,

comparing the entries to determine if there is any change in the status of interfaces and/or
the status of ports on the interfaces of the host/device,

communicating the changes to a remotely located destination server on the network,

storing the received information as entries in a server by the destination server wherein the
entries indicate the state of each of the ports on each of the active interfaces of the host/device 
as reported, 

comparing the entries by the destination server to determine if there is any change in the 
status of interfaces and ports on the interfaces of the host/device as reported to it, and 

running vulnerability assessment tests on the host/device by the destination server and 
reporting the results. 

31. (Previously Presented) The method of claims 29 or 30, wherein the status of an interface is 
either active or inactive. 

32. (Previously Presented) The method of claim 29 or 30, wherein the status of a port is a service 
listening on the port or not. 

33. (Previously Presented) The method of claim 29 or 30, wherein the agent tracks the change in 
status of ports/interface by monitoring in real-time or polling at periodic intervals for the status of 
ports/interfaces and storing the entries at various time intervals. 

34. (Previously Presented) The method of claim 29 or 30, wherein the communication protocol 
between the host/device and the destination server is a standard transport level utility selected 
from sockets or any other standard communication protocol. 

35. (Previously Presented) The method of claim 29 or 30, wherein the server executable module 
compares the entries corresponding two consecutive time intervals. 

36. (Previously Presented) The method of claim 29 or 30, wherein the changes that are 
communicated to the destination server consisting of the IP address of the interface(s) and the 
port numbers on which listening services have started or stopped on the particular interface(s). 

37. (Previously Presented) The method of claim 29 or 30, wherein the status of the port consists 
of separate statuses for TC and UD protocols. 

38. (Previously Presented) The method of claim 29 or 30, wherein plurality of hosts/devices is 
tracked in conjunction with one or more destination servers handling the host/devices. 
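
The agent-side comparison of consecutive polls and the server-side handling of reported changes recited in the claims above can be sketched as follows. This is an added example, not part of the claims or the applicant's implementation: the snapshot layout, the JSON change message and all names are assumptions, and the sample polls are constructed.

```python
import json
from dataclasses import dataclass, field

# Snapshot: interface IP -> set of (protocol, port) with a listening service.
# An inactive interface is simply absent from the snapshot (assumed layout).
Snapshot = dict[str, set[tuple[str, int]]]

def diff_snapshots(prev: Snapshot, curr: Snapshot) -> list[dict]:
    """Agent side: compare two consecutive polls and emit change entries."""
    changes = []
    for ip in sorted(prev.keys() | curr.keys()):
        before, after = prev.get(ip, set()), curr.get(ip, set())
        for proto, port in sorted(after - before):
            changes.append({"ip": ip, "proto": proto, "port": port, "event": "started"})
        for proto, port in sorted(before - after):
            changes.append({"ip": ip, "proto": proto, "port": port, "event": "stopped"})
    return changes

@dataclass
class DestinationServer:
    """Server side: mirrors reported state and decides what needs testing."""
    state: dict[str, Snapshot] = field(default_factory=dict)  # host id -> snapshot

    def receive(self, host: str, message: str) -> list[tuple[str, str, int]]:
        """Store reported changes; return newly opened endpoints to assess."""
        known = self.state.setdefault(host, {})
        to_test = []
        for c in json.loads(message):
            endpoint = (c["proto"], int(c["port"]))
            ports = known.setdefault(c["ip"], set())
            if c["event"] == "started" and endpoint not in ports:
                ports.add(endpoint)  # replayed reports are not queued twice
                to_test.append((c["ip"], *endpoint))
            elif c["event"] == "stopped":
                ports.discard(endpoint)
            if not ports:
                del known[c["ip"]]  # no listeners left on this interface
        return to_test

    def on_vulnerability_db_update(self, host: str) -> list[tuple[str, str, int]]:
        """New vulnerability data: every endpoint still open is retested."""
        return sorted((ip, proto, port)
                      for ip, ports in self.state.get(host, {}).items()
                      for proto, port in ports)

# Constructed sample polls for one host (documentation address ranges).
POLL_1 = {"192.0.2.10": {("tcp", 22)}}
POLL_2 = {"192.0.2.10": {("tcp", 22), ("tcp", 8080), ("udp", 161)},
          "198.51.100.7": {("tcp", 22)}}
```

The lists returned by `receive` and `on_vulnerability_db_update` are what a scheduler would hand to the service-identification and assessment steps; no testing is performed here.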